IBM Security QRadar V7.3.1 Fundamental Administration — Question 19
A Guardium administrator must configure a policy to ignore all traffic from an application with a known client IP. Due to the high amount of traffic from this application, performance of the S-TAP and sniffer is a concern.
What action should the administrator use in the rule?
Answer options
- A. Ignore Session
- B. Ignore S-TAP Session
- C. Ignore SQL per Session
- D. Ignore Responses per Session
Correct answer: B
Explanation
The correct answer is B, 'Ignore S-TAP Session', because it acts on the S-TAP itself, the component that is crucial for monitoring traffic. Options A, C, and D do not specifically address the S-TAP performance concern and would not effectively reduce the load caused by the high volume of application traffic.